On Fri, 23 Apr 2004, Nigel Metheringham wrote:
On Thu, 2004-04-22 at 16:12, Stuart D. Gathman wrote:
2525 were rejected because of HELO failing the SPF check. Of these,
2419 used a HELO with my own domain, and 106 used a HELO with other
domains. (So just rejecting your own domains from external servers
gets most of the benefit - but SPF generalizes the check and eliminates a
configuration item.)
For example, although HELO <mailserver domain> is a damn good indicator
of bad stuff, its also used by some MUAs - in particular
Mozilla/Thunderbird. Obviously you would use authenticated SMTP (maybe
MSA) for a remote client talking to your mail server, and the rules for
an authenticated client should be rather different....
We have been sending mail from remote locations via VPN - so it shows up
as an "INTERNAL" server. However, I just got SMTP AUTH configured last
night, and will be adding support for that in the milter. I believe all
I have to do is flag the connection as "INTERNAL" when it is authenticated.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.